Rhino Security Labs

IBM AIX Bellmail Privilege Escalation Vulnerability

Vulnerability Details

CVSS Rating: 7.8 (High)


Disclosing Company: Rhino Security Labs

Date: 02/15/2017

Status: Published

Affected software/version:
IBM AIX 6.1, 7.1, and 7.2


Disclosure Date


Vulnerability Description

Bellmail contained a vulnerability that allowed non-privileged users to escalate privileges through the email archiving functions 's' and 'w'. Due to lax access controls, an attacker could overwrite or create privileged files on the filesystem.

CVSS Metrics

CVSS Rating (version 3.0)

7.8 (High)

Impact Score

Exploitability Score



Attack Vector

Local Privilege Escalation

Attack Complexity (AC): Low

Privileges Required (PR): Low

User Interaction (UI): None

Scope (S): Unchanged

Confidentiality (C): High

Integrity (I): High

Availability (A): High